Pull request #29: feat(container): add coreos-container-image and coreos-container-package class

Merge in ICO/coreos from feat/container-bundle to master

* commit 'e1b6c73137d6a7ebf82c379bce9e5a9defe8148c':
  feat(container): add coreos-container-image and coreos-container-package class

layers/meta-belden-coreos-bsp/conf/machine/include/coreos-generic-machine/container.inc

@@ -7,14 +7,3 @@ MACHINEOVERRIDES =. "container:"
 
 # Containers don't need a kernel
 PREFERRED_PROVIDER_virtual/kernel = "linux-dummy"
-
-# Containers normaly don't need systemd or any of the VIRTUAL_RUNTIME.
-# One ways to remove it is to make a custome base image for container that don't
-# install any of the virtual runtime, the other ways is to use the same image
-# as for non-container machine and just set all the VIRTUAL_RUNTIME variables
-# to an empty string here:
-VIRTUAL-RUNTIME_dev_manager = ""
-VIRTUAL-RUNTIME_login_manager = ""
-VIRTUAL-RUNTIME_init_manager = ""
-VIRTUAL-RUNTIME_initscripts = ""
-VIRTUAL-RUNTIME_keymaps = ""

layers/meta-belden-coreos-demo/conf/layer.conf

@@ -0,0 +1,13 @@
+# We have a conf and classes directory, add to BBPATH
+BBPATH .= ":${LAYERDIR}"
+
+# We have recipes-* directories, add to BBFILES
+BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \
+            ${LAYERDIR}/recipes-*/*/*.bbappend"
+
+BBFILE_COLLECTIONS += "meta-belden-coreos-demo"
+BBFILE_PATTERN_meta-belden-coreos-demo = "^${LAYERDIR}/"
+BBFILE_PRIORITY_meta-belden-coreos-demo = "6"
+
+LAYERDEPENDS_meta-belden-coreos-demo = "meta-belden-coreos meta-belden-coreos-bsp"
+LAYERSERIES_COMPAT_meta-belden-coreos-demo = "kirkstone"

layers/meta-belden-coreos-demo/recipes-core/images/coreos-image-demo-container.bb

@@ -0,0 +1,6 @@
+DESCRIPTION = "A image that run the lighttpd webserver inside a contasiner"
+
+inherit coreos-image
+
+IMAGE_FEATURES += "ssh-server podman dev-tools cockpit networkmanager"
+IMAGE_INSTALL:append = " packagegroup-core-full-cmdline coreos-container-lighttpd"

layers/meta-belden-coreos-demo/recipes-demo/containers/coreos-container-image-lighttpd.bb

@@ -0,0 +1,10 @@
+SUMMARY = "A lighttpd container image"
+
+inherit coreos-container-image
+
+IMAGE_INSTALL:append = " \
+    busybox \
+    lighttpd \
+    lighttpd-module-access \
+    lighttpd-module-accesslog \ 
+"

layers/meta-belden-coreos-demo/recipes-demo/containers/coreos-container-lighttpd.bb

@@ -0,0 +1,7 @@
+SUMMARY = "A lighttpd container package"
+
+inherit coreos-container-package
+
+CONTAINER_IMAGE = "coreos-container-image-lighttpd"
+PODMAN_RUN_OPTIONS = "-p 80:80 --entrypoint /usr/sbin/lighttpd"
+PODMAN_RUN_CMD = "-D -f /etc/lighttpd/lighttpd.conf"

layers/meta-belden-coreos/classes/coreos-container-image.bbclass

@@ -0,0 +1,53 @@
+# Class used to generate container image based on Belden CoreOS
+
+IMAGE_FSTYPES = "container oci"
+IMAGE_FEATURES = "read-only-rootfs"
+IMAGE_LINGUAS = ""
+NO_RECOMMENDATIONS = "1"
+
+# We have choosen to use the same machine configuration for container and 
+# the host, thus we can't use linux-dummy has the default kernel provider.
+IMAGE_CONTAINER_NO_DUMMY = "1"
+
+
+# Only install a reduced set of packages in a container. This correspond to
+# a subset of packagegroup-core-boot
+COREOS_CONTAINER_IMAGE_BASE_INSTALL = '\
+    base-files \
+    base-passwd \
+    netbase \
+    os-release \
+    '
+
+COREOS_CONTAINER_IMAGE_EXTRA_INSTALL ?= ""
+IMAGE_INSTALL ?= "${COREOS_CONTAINER_IMAGE_BASE_INSTALL} ${COREOS_CONTAINER_IMAGE_EXTRA_INSTALL}"
+
+# Images features for containers
+# ==============================================================================
+
+inherit image
+inherit image-oci
+
+IMAGE_CMD:oci:append() {
+    # meta-virtualization default IMAGE_CMD doesn't create a symlink on kirkstone
+    image_link_name="${IMAGE_LINK_NAME}${IMAGE_NAME_SUFFIX}-oci"
+
+    ln -sf "$image_name" "$image_link_name"
+
+    if [ -n "${OCI_IMAGE_TAR_OUTPUT}" ]; then
+        ln -sf "$image_name.tar" "$image_link_name.tar"
+    fi
+}
+
+# Workaround /var/volatile for now
+# See layers/meta-virtualization/recipes-extended/images/container-base.bb
+ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('IMAGE_FEATURES', 'init-manager', '', 'rootfs_fixup_var_volatile ; ', d)}"
+rootfs_fixup_var_volatile () {
+    install -m 1777 -d ${IMAGE_ROOTFS}/${localstatedir}/volatile/tmp
+    install -m 755 -d ${IMAGE_ROOTFS}/${localstatedir}/volatile/log
+
+    # When using systemd, systemd is responsible to link /var/{log,tmp} to /var/volutile/{log,tmp}
+    # As container doesn't normally use systemd, we create the link by ourself here
+    ln -sf ${localstatedir}/volatile/tmp ${IMAGE_ROOTFS}/${localstatedir}/tmp
+    ln -sf ${localstatedir}/volatile/log ${IMAGE_ROOTFS}/${localstatedir}/log
+}

layers/meta-belden-coreos/classes/coreos-container-package.bbclass

@@ -0,0 +1,102 @@
+# This class is used to package a single container into an image
+# The container image is a recipe that inherit the coreos-container-image class
+
+
+# Theses variables are used to configure which and how containers are bundled:
+# ==============================================================================
+
+CONTAINER_IMAGE ??= ""
+
+# At the moment, only podman is supported. Support for for `systemd-container`
+# or another runtime can be added later if needed
+CONTAINER_RUNTIME ??= "podman"
+
+OCI_STORAGE_DIR ??= "/usr/share/coreos-oci"
+
+# OCI image is needed for podman, container image for systemd
+INSTALL_OCI_IMAGE ??= "${@bb.utils.contains("CONTAINER_RUNTIME", "podman", "1", "0", d)}"
+
+# Set this variable to "0" to turn off the installation of a generated systemd
+# service file
+INSTALL_GENERATED_SYSTEMD_SERVICE ??= "1"
+GENERATED_SYSTEMD_SERVICE_NAME ??= "${PN}"
+GENERATED_SYSTEMD_SERVICE_WANTED_BY ??= "multi-user.target"
+
+PODMAN_RUN_OPTIONS ??= ""
+PODMAN_RUN_CMD ??= ""
+
+# Package configuration
+# ==============================================================================
+
+LICENSE ?= "CLOSED"
+PACKAGE_ARCH="${MACHINE_ARCH}"
+
+# Dependencies
+# ==============================================================================
+
+INHIBIT_DEFAULT_DEPS = "1"
+do_install[depends] += "${CONTAINER_IMAGE}:do_image_complete"
+RDEPENDS:${PN} += "${CONTAINER_RUNTIME}"
+
+
+# SystemD integration
+# ==============================================================================
+
+inherit systemd 
+SYSTEMD_SERVICE:${PN} ??= "${GENERATED_SYSTEMD_SERVICE_NAME}.service"
+
+
+# Tasks
+# ==============================================================================
+
+# Disable the do_compile tasks
+do_compile[noexec] = "1"
+
+DEPLOYDIR = "${DEPLOY_DIR}/images/${MACHINE}"
+FILES:${PN} = " \
+    ${OCI_STORAGE_DIR} \
+    ${CONTAINER_STORAGE_DIR} \
+"
+
+do_install() {
+    if [ "${INSTALL_OCI_IMAGE}" = "1" ]; then
+        install -d "${D}${OCI_STORAGE_DIR}"
+
+        # Get the real directory name from the symlinks
+        oci_image=$(readlink -f "${DEPLOYDIR}/${CONTAINER_IMAGE}-${MACHINE}.rootfs-oci")
+
+        cp --no-preserve=ownership -r "${oci_image}" "${D}${OCI_STORAGE_DIR}/${CONTAINER_IMAGE}"
+
+        # Using skopeo doesn't work yet, but should be the way to go in the futures
+        #skopeo copy oci:${DEPLOYDIR}/${image}-${MACHINE}.rootfs-oci:latest "containers-storage:[vfs@${D}${CONTAINERS_STORAGE_DIR}+${TMPDIR}/skopeo]${image}"
+    fi
+
+    # Installing the systemd service file
+    if [ "${INSTALL_GENERATED_SYSTEMD_SERVICE}" = "1" ]; then
+        install -d "${D}${systemd_unitdir}/system"
+
+        if [ "${CONTAINER_RUNTIME}" = "podman" ]; then
+            # This generate a portable service file, like described in
+            # https://www.redhat.com/sysadmin/podman-shareable-systemd-services
+            # %t and %n are described in
+            # https://www.freedesktop.org/software/systemd/man/systemd.unit.html
+            cat >${D}${systemd_unitdir}/system/${GENERATED_SYSTEMD_SERVICE_NAME}.service <<EOF
+[Unit]
+Description=Run ${image} with Podman
+
+[Service]
+Restart=on-failure
+ExecStartPre=/usr/bin/rm -f /%t/%n-pid /%t/%n-cid
+ExecStart=/usr/bin/podman run --conmon-pidfile /%t/%n-pid --cidfile /%t/%n-cid -d ${PODMAN_RUN_OPTIONS} oci:${OCI_STORAGE_DIR}/${CONTAINER_IMAGE} ${PODMAN_RUN_CMD}
+ExecStop=/usr/bin/sh -c "/usr/bin/podman rm -f \`cat /%t/%n-cid\`"
+KillMode=none
+Type=forking
+PIDFile=/%t/%n-pid
+
+[Install]
+WantedBy=${GENERATED_SYSTEMD_SERVICE_WANTED_BY}
+EOF
+        fi
+    fi
+
+}

layers/meta-belden-coreos/classes/coreos-image.bbclass

@@ -72,11 +72,6 @@ COREOS_IMAGE_BASE_INSTALL = '\
     os-release \
     '
 
-COREOS_IMAGE_BASE_INSTALL:container = '\
-    packagegroup-base \
-    os-release \
-    '
-
 COREOS_IMAGE_EXTRA_INSTALL ?= ""
 
 IMAGE_INSTALL ?= "${COREOS_IMAGE_BASE_INSTALL} ${COREOS_IMAGE_EXTRA_INSTALL}"

layers/meta-virtualization

@@ -1 +1 @@
-Subproject commit 9a487c1851aa2021cf24f951957e22fd429c8025
+Subproject commit a0d0f4ff48f874703d9e24a5d969d816b524c8b8

layers/openembedded-core

@@ -1 +1 @@
-Subproject commit f7766da462905ec67bf549d46b8017be36cd5b2a
+Subproject commit 45a8b4101b14453aa3020d3f2b8a76b4dc0ae3f2

templates/bblayers.conf.sample

@@ -9,6 +9,7 @@ BBLAYERS ?= " \
   ##OEROOT##/meta \
   ##COREOS_LAYERSDIR##/meta-belden-coreos \
   ##COREOS_LAYERSDIR##/meta-belden-coreos-bsp \
+  ##COREOS_LAYERSDIR##/meta-belden-coreos-demo \
   ##COREOS_LAYERSDIR##/meta-belden-marvell-bsp \
   ##COREOS_LAYERSDIR##/meta-openembedded/meta-oe \
   ##COREOS_LAYERSDIR##/meta-openembedded/meta-networking \